Help with stripslashes in text fields

Anon

I have no problems using stripslashes in text areas, but for some reason I'm having problems using this function in text fields. For example, if I type the following in the text box:
isn't this fun?

Everything is stripped off after the single quote so all I get is: isn

My code for the text box is as follows:

print"<td><input type='text' name='title'"; $title=stripslashes($title); print"value='$title' size='40' maxlength='60'></td>";

My code for the textarea box which works fine is as follows:

print"<td><textarea name='test' rows='20' cols='35' wrap='physical'>";$test=stripslashes($test);print"$test</textarea></td>";

Can someone tell me what I'm doing wrong? It's probably a silly mistake, but I can't figure it out.

Thank you.

mithril

By stripping out the slash, your single quote is effectively terminating the value param. of the intput box. Either don't stripslash this field, or change the single quotes in the HTML to doubles. There's also no need to stripslash() the variable back into itself (it adds unnecessary, but minimal, overhead), simply print the stripslash() results

print "<td><input type=\"text\" name=\"title\" value=\"".stripslashes($title)."\" size=\"40\" maxlength=\"60\"></td>";

HTH.

-geoff

Anon

Thanks a lot Geoff. It works fine now. However, I'm still a bit unclear as to why I was having problems with the text box but not the textarea. Also what do the dots mean before and after the stripslashes function?

I'm new to programming so bear with me if the answer to these questions are obvious.

mithril

No worries🙂 Basically want was happening was this was getting sent to the browser:

Since you enclosed your value value (akward that🙂 in single quotes, the browser was interpreting the apstrophe in "It's" as the closing quote. By calling stripslashes() on $title, you were ensuring that "It's" and not "It\'s" was being sent. "It\'s" would have worked properly.

The reason why it worked in the <textarea> and not in the <input> is that the data in a textarea is enclosed between open and close tags (ie. <textarea>$text</textarea>). Since the text isn't passed as a parameter enclosed in quotes, the escape slashes are read as text and not escapes. When text is passed into an input, it is usually in a quoted parameter (ie. value='$text') and so escape slashes are read as escapes and not printed. Does that make sense or have I just muddied the waters here?

Let's say $text = "more text, it\'s a good thing";

The dots are concatenation operators. PHP supports something called variable interpolation. Basically, that means you can call a variable within a string to print or concatenate.

  echo "This is text. This is more text: $text";

will print:

  This is text. This is more text: more text, it\'s a good thing

f you try to place a function call inside a string, it simply prints the text of the function call.

  echo "This is text. This is more text: stripslashes($text)";

will print:

  This is text. This is more text: stripslashes(more text, it\'s a good thing)

You need to escape from the string itself and then concatenate the function's output back into the string. To do that you close the string with a quote (single or double dependingly) and use the concatenation operator to append the function return. You can then use the concatentation operation and a quote to re-open the string and continue typing. So......

echo "This is text. This is more text: ".stripslashes($text);

prints

  This is text. This is more text: stripslashes(more text, it's a good thing)

with the escape slash happily removed. HTH. Feel free to drop an email if you want further explanation or clarification. The PHP Manual is also a great spot for info, I'd highly recommend taking a glance through it: http://www.php.net/manual/en/.

-geoff

mithril

Damn🙂 Error in the last bit of my previous post:

  echo "This is text. This is more text: ".stripslashes($text);

prints

  This is text. This is more text: stripslashes(more text, it's a good thing)

should have read

  echo "This is text. This is more text: ".stripslashes($text);

prints

  This is text. This is more text: more text, it's a good thing

🙂
-geoff

Anon

Hi Geoff. I appreciate you taking your time out to clear things up for me. It all makes sense now 🙂 I am aware of the php manual, but at times I still need further clarification since I'm new to all of this.

Regards,
Elizabeth